proposal: unify http client and add tls support for druid endpoints

[JSchlarb]

Hi

I've set up apache druid with the operator and enabled tls in the env and encountered several limitations with the current implementation

issues found // resolved
router service url and ports are hardcoded
no tls support for connecting to druid

proposed solution
I'd like to prepared changes that would:

1. unify all http client creation in a single place with dynamic port/service discovery from the actual druidSpec

2. add TLKS support (insecureSkipVerify // ca certificates via secret)

3. add endpoint configuration to druidspec:

   spec:
     endpoint:
       url: "https://external-druid.example.com:8443"
       insecureSkipVerify: false
       caCertSecretRef:
         name: druid-ca-cert
         caKey: ca.cert

questions

are you interested in these enhancements?
if yes, would you prefer: one pr with all changes, or multiple smaller prs (e.g., first unify client, then add tls, then external endpoints)?

I have the code ready and tested (at least running in a cluster). Happy to contribute based on your preferences.

thanks!

[AdheipSingh]

Sounds good to me. Since all is part of ingestion controller you can send a single PR.
Thanks.

[Rasnar]

Oh I didn't see this discussion when I started looking at this problem last week, and I came up with this implementation for the Druid router port/protocol discovery that parses the runtime config:
#234

We have a similar issue, because we use https, however we use a valid CA (AWS) so we don't had the issue to provide our own there.
But maybe moving your proposal at the spec level is a better idea. The current discovery of the service list is kinda nice, this is why I built it on top of it.